diff --git a/cluster/services/irc/irc-host.nix b/cluster/services/irc/irc-host.nix index 3d26f8e..afb08a4 100644 --- a/cluster/services/irc/irc-host.nix +++ b/cluster/services/irc/irc-host.nix @@ -9,6 +9,7 @@ let linkSecure = cluster.config.links.ircSecure; otherServers = map mkServer cluster.config.services.irc.otherNodes.host; otherServerFiles = map (builtins.toFile "ngircd-peer.conf") otherServers; + opers = map mkOper [ "max" "num" "ark" ]; mkServer = name: '' [Server] @@ -20,6 +21,14 @@ let SSLConnect = yes Passive = no ''; + + # oper password is irrelevant, mask ensures security thanks to PAM + mkOper = name: '' + [Operator] + Name = ${name} + Password = please + Mask = *!${name}@* + ''; serverName = "${subDomain}.irc.${domain}"; cert = config.security.acme.certs."${serverName}"; @@ -51,6 +60,10 @@ in { MorePrivacy = yes PAM = yes PAMIsOptional = yes + OperCanUseMode = yes + OperChanPAutoOp = yes + + ${builtins.concatStringsSep "\n" opers} ''; }; networking.firewall.allowedTCPPorts = [